
6 Impacts – 1 Event – Ep 346 

 March 11, 2022

By  Donna Grindle

Security events can have a significant impact on your business. It’s important to understand the magnitude of what’s going on and what the risks are. Having a plan in place to deal with privacy and security events can make it better, but not having one can make it worse.


In this episode:

6 Impacts – 1 Event – Ep 346

Today’s episode is brought to you by Kardon and HIPAA for MSPs with Security First IT.



HIPAA Say What!?!

[02:54] This came in a while back but we kept it on the back burner before discussing in order to get a little distance from when the event occurred.

Patient who is over the age of 18 that signed a HIPAA authorization form and has requested us to share the entire medical record with the military recruiter. I have an employee taking objection to that fact stating the recruiting process should not have access to the entire history.

Here’s the important thing to keep in mind: It is the patient’s right to provide information to whomever they want. If it seems fishy, not phishy, you can confirm the request but not convert the thinking of the patient. Bottom line is… it’s Nunya… nunya business.

[06:15] I also ran across an article about snooping through medical records.

Health providers snoop through medical files of potential dates – MedCity News

This article is talking about hospitals, but we all know that if it is happening there, others with access to this amount of information can be doing the same thing somewhere else. Not just CEs but BAs too. If you think you don’t have to worry about it at all, you probably have it happening. This is the stuff that keeps people like us up at night. Privilege abuse is a major problem that never makes the news.

6 Impacts – 1 Event

[10:01] One single privacy and security event can cause a lot of trouble for your practice.

  1. Patient Safety – Most important thing of all. Patient care is always impacted in some manner. Machines not working, information not being available, and appointments getting canceled are just a few of the ways patient safety can be impacted. There are tons of stories where people have died and critical treatment has been delayed or canceled at facilities that were under a ransomware attack.
  2. [13:49] Business Interruption – Just going to paper isn’t easy. Systems are unavailable or running at minimal operations. Everything takes longer. Having an incident response plan and testing it periodically is key. The number one thing that you screw up in responding to anything is not having a plan. Having a plan is the number one thing you can do to make it better, and not having one is the number one thing that makes it worse. Even if you have a plan, your plan needs to account for everything taking longer. You’ll be operating in a minimal capacity. Not only will it take longer, but you won’t be able to handle the volume you normally handle. And you’re going to have key people that are tied up dealing with the incident, IT, lawyers, insurance folks, etc. You are basically trying to operate your business while it is shut down.
  3. [20:12] Reputation – Bad news travels at the speed of light. A privacy or security incident can cause financial loss, staff being diverted, deals put on hold, loss of business opportunity and more. People will draw conclusions immediately about how good or bad you are and what you should have done to protect their data. These days, good or bad, right or wrong, your reputation will be impacted on social media. Take the Scripps Health issue (we discussed this in Privacy Questions Everywhere – Ep 304): soon after the news of their problem got out, people were criticizing the Scripps folks and talking about changing providers, what Scripps should be doing, and even filing lawsuits. People really feared that they would never have their medical records again and, if they did, they didn’t know whether they could trust the integrity of the data.
  4. [25:49] Financial – So many financial issues – costs everywhere. Billing falls off because work isn’t getting done, you may require technical, forensics and legal experts, your normal work backs up, etc. So, you want to have a plan so that you can maintain as much business as usual as possible. You cannot do that if you don’t have a plan. You need to account for the financial impacts of all the money you’ll have to spend, potentially buying new equipment to replace equipment that cannot be recovered, extra staff to fill in for the people that are busy running around with their hair on fire or the ones who are having to do “paper”.
  5. [29:49] Liability – Class action lawsuits, malpractice issues, and state law suits will all be issues you’ll have to deal with. And the final round is HHS/OCR. Having to deal with an OCR investigation regarding HIPAA failures is almost always last and should be the least of your concerns. If you can prove you’re doing the work, an OCR investigation will be smooth sailing compared to all the other things you have to worry about.
  6. [31:34] Strategic – Just like we all experienced in 2020 with COVID, all of your strategic plans and business plans can definitely blow up when you experience a privacy or security incident. Everything you had planned for the next few years gets pushed back or shredded altogether. Strategic impacts can’t be quantified. There are too many variables. But you need to be aware that your strategy will be impacted. If you are in acquisition mode, your investors will likely put that on hold. Or imagine you just finished acquiring another business and then find out criminals were in the computer systems and dropped off a ransomware attack. That’s why a lot of investment firms are requiring an accounting of your cybersecurity program and HIPAA compliance program during their evaluation.

Businesses need to do everything they can to prevent privacy and security incidents from happening, and then do everything they can to be prepared for one to happen so that they can mitigate the damage. They need to do everything they can to limit the overall impact to the business and the overall community.


HIPAA is not about compliance, it’s about patient care.™
